...
Altiris Application Control Solution Help 51
Prevent Read/Write to File Types or Network
Locations
Scenario Description
In this scenario, the end user has the following installed:
? Microsoft Word
? Microsoft Excel
Scenario Resolution
1. On the managed computer, create a Microsoft Word document and save it to c:\company invoices\invoice 101.doc.
2. In the Altiris Console, select the Tasks tab.
3. In the left pane, select Tasks > Security Management > Application Control >
Windows > Application Control Tasks > Application Control Policies.
4. In the left pane, right-click Application Control Policies and select New >
Application Control Policy.
5. Configure the policy as follows:
? Name - "Write-protect Word documents in the Company Invoices directory"
? Description - Prevent Microsoft Word from having write access to, or creating new Word documents in the company invoices directory
? Applies To: - All Computers with Application Control Agent Installed
? Send Application Action Event - Enabled
? Continue enforcing lower priority policies after enforcing this policy - Enabled
6. Click the Include Filters link, select MS Word in the Items Selector dialog, and click Apply.
7. Under Application Actions, click the Actions link.
8. In the Items Selector dialog, click ? , and select Deny File Access Application
Action.
9. In the Deny File Access dialog, enter the following in the appropriate fields:
? Name - Prevent write access of Word documents to Company Invoice directory
? Path - C:\company invoices
? Mime type - Word document
10. Click Apply and close the dialog.
11. In the Items Selector dialog, click ?, select the new Deny File Access
Application Action, and click Apply.
12. Enable the policy and click Apply.
13. In Microsoft Word, open C:\company invoices\invoice 101.doc. The file is read only and can't be modified.
Altiris Application Control Solution Help 52
Other Scenario Tests
1. Create a new document and attempt to save it to c:\company invoices\. You will be unable to open it and will receive a File Permission error.
2. Verify that a Word document can be created or modified in a different directory.
3. In Microsoft Excel, save a spreadsheet to the same location as Step 1. The permissions are limited to Microsoft Word.
Run an Application in an SVS Layer
...